Microsoft Fixing Windows 8 Flaws, But Leaving Them In Windows 7 218
mask.of.sanity sends this news from El Reg:
"Microsoft has left Windows 7 exposed by only applying security upgrades to its newest operating systems. Researchers found the gaps after they scanned 900 Windows libraries using a custom diffing tool and uncovered a variety of security functions that were updated in Windows 8 but not in 7. They said the shortcoming could lead to the discovery of zero day vulnerabilities. The missing safe functions were part of Microsoft's dedicated libraries intsafe.h and strsafe.h that help developers combat various attacks. [Video, slides.]"
Shoddy Ethics (Score:4, Interesting)
The bugs exist for a reason. If it's not broken now why buy the new version?
Re:Shoddy Ethics (Score:5, Insightful)
Windows 7 is still supported, so doing this now isn't shoddy ethics, it's a breach of contract. If they think that having shorter support periods will drive more sales, then have to start with Windows 9.
Re: (Score:2)
Huh? Read what you just wrote. I would say knowingly breaking your contract is a breach of ethics.
Re: (Score:2, Informative)
No, it's a breach of law meaning it can be taken to court. A breach of ethics doesn't necessarily allow that unless what they're doing is not only unethical but also unlawful due to existing laws.
Cutting off support for software isn't against the law unless you were promised updates for a specific longer term of support. Which was given with Windows 7. If there wasn't a promised amount of time for updates/patches promised beforehand, it'd just be a dick move.
Re:Shoddy Ethics (Score:5, Funny)
Breach of ethics is not possible for Microsoft: They never had any to break in the first place.
Re: (Score:2)
This is not about fixing any (known) bugs, but rather about making code more resilient in the face of potential buffer overrun bugs.
Simply put, it's taking an existing codebase that uses strcat and strcpy, and replacing their use with strlcat and strlcpy. StrSafe.h is a Windows-specific equivalent of those two BSD functions. IntSafe.h is a library that does something similar for integer arithmetic (to trap overflow issues).
This makes sense... (Score:5, Informative)
Windows Sustained Engineering is a different org across the street with different funding and goals, and they don't automatically fix all of the bugs the Windows feature teams fix. There's a triage process for deciding whether bugs are important enough to fix in downlevel releases.
Re:This makes sense... (Score:5, Informative)
This. And there's no evidence that these changes correspond to exploitable security vulnerabilities. If you look at the slides, what they're actually complaining about is that certain OS code paths have been updated to use intsafe.h/strsafe.h functions in Windows 8, but not in Windows 7. Because intsafe/strsafe are used to help avoid overflow vulnerabilities, the conclusion the article draws is that these must be actual vulnerabilities, which are being fixed in Windows 8 without being ported to Windows 7.
It's worth noting that the entire presentation that the article is based on is an advertisement for their DiffRay diffing tool, so they have some incentive to overstate things. It's entirely possible that the changes that they're pointing out as "fixing potential 0-days in 8 but not 7" are actually just moving a couple of bounds checks from ad-hoc implementations in the functions themselves to the standardized common intsafe calls. Or it could be that there is already correct bounds enforcement elsewhere, and these checks are just added for redundancy, or to make function-local static analysis a little bit cleaner. I honestly don't know, but there are enough plausible benign explanations that the alternative of "Microsoft is deliberately exposing its largest set of customers to vulnerabilities" seems kind of absurd. Bring me the extraordinary evidence for this claim.
Disclosure: I'm a dev on the Windows team. I don't have any specific knowledge of this, and I'm not writing this in any official or compensated capacity.
Re:This makes sense... (Score:5, Interesting)
Re: (Score:3)
If you've ever actually used those libraries, there's nothing magically safer about them. You can more easily port old code to those libraries in such a way that all vulnerabilities are maintained than you can port and do it right. So it comes down to code review during the port. You get the same safety with the same code review without actually porting anything.
Those libraries (with good code review) are like a "W2K safe" sticker of yesteryear: a sign that someone looked at the problem, which is great,
Re: (Score:2)
YEAH and I could say IE 6 is just as secure as no security in design does not mean more exploits. One of my clients who switched from XP to 7 noticed a drop in malware.
Newer kernel features reduce 0 days as evident in 7 compared
Re: (Score:2)
It all sounds like basic refactoring to me.
A simple search-&-replace of old function to new functions, not because it's necessary but because their current coding standards says they should.
I've done similar refactoring in the past, simply to get rid of some automated coding standard checker notices.
This makes sense... (Score:5, Interesting)
No, they should not consider Windows 7 a "downlevel" release. I just bought a NEW computer with Windows 7 on it for a relative, and had to pay a premium to get W7 instead of W8. I don't need a repeat of the XP debacle! Windows 7 is the MAIN operating system from Microsoft today, Windows 8 is only a trial balloon. Since I did pay for W7 I expect FULL support for its lifetime not some half assed job designed to force people to upgrade prematurely.
The advice from the computer repair shop my relative used this very week was to get W7 and avoid W8. This is not just some disgruntled people avoiding W8, it is very much mainstream.
Re: (Score:3)
Support, even FULL support, means fixing bugs; in practice, fixing important bugs. One thing it certainly doesn't mean is making every possible improvement.
There's no evidence as yet that any of the changes in question were bug fixes.
It's Time To Move On. (Score:4, Insightful)
"People are aware that Windows has bad security but they are underestimating the problem because they are thinking about third parties. What about security against Microsoft? Every non-free program is a 'just trust me program'. 'Trust me, we're a big corporation. Big corporations would never mistreat anybody, would we?' Of course they would! They do all the time, that's what they are known for. So basically you mustn't trust a non free programme."
"There are three kinds: those that spy on the user, those that restrict the user, and back doors. Windows has all three. Microsoft can install software changes without asking permission. Flash Player has malicious features, as do most mobile phones."
"Digital handcuffs are the most common malicious features. They restrict what you can do with the data in your own computer. Apple certainly has the digital handcuffs that are the tightest in history. The i-things, well, people found two spy features and Apple says it removed them and there might be more""
From:
Richard Stallman: 'Apple has tightest digital handcuffs in history'
www.newint.org/features/web-exclusive/2012/12/05/richard-stallman-interview/
Re:It's Time To Move On. (Score:5, Interesting)
Richard Stallman is full of crap if he is claiming that Windows is endemically, technically less secure. Anyone remember the Pwn2Own games? Anyone remember what OS fell first every time? Thats right, fully patched OSX (think that changed ~2012).
This could turn into a debate lasting days, but suffice it to say that from a technical level Windows is pretty secure. 90% of all exploits these days hit third-party applications that also happen to run on Linux and OSX (flash, java, adobe reader). Im sure Stallman would rail against those too, and he would actually be right, but the point is that the vast majority of users need those plugins and he is being deceitful if he is attempting to paint the various Flash player exploits as problems with Windows, or as problems endemic to Closed Source Software.
And you, too, have a bit of gall posting this, after some of the hugest security holes to hit the net were just released, both affecting OSS. Ideology is great until you hit the real world, and realize that things are never as simple as "I hate Microsoft, therefore Windows is technically bad", or "Closed source software has trust issues, therefore all OSS is inherently more secure". My hope is that all who take this like will grow up and abandon their zealotry before they enter the workforce.
Re:It's Time To Move On. (Score:5, Insightful)
The question is not just whether an OS is secure, but how long it takes for patches to be rolled out. While Microsoft often sits on their laurels when it comes to releasing patches, the king of procrastination is Oracle, which has left known issues in the wild for decades.
Still, I don't disagree with the general intent of your post, which I read as "closed source is not necessarily worse than open source." But that's only up to a point -- timely patches are critical to maintaining the security of a system, and when Microsoft purposely omits patches for downlevel releases that are still under support, they do a great disservice to their customers, to the 'net community as a whole, and to their own reputation and therefore bottom line.
Re: (Score:2)
I imagine there are architectural differences between Win7 and Win8. Win7 is still supported heavily in the enterprise, and I dont believe for a second that Microsoft has some perverse desire to screw over their biggest customers.
Patching time (Score:2)
You do realize that with paying customers you can't just crank out a patch overnight and hope it doesn't affect any other piece of software. Of course when a Linux patch breaks something all you have is neckbeards sending you nasty emails. Microsoft is open to lawsuits and contract issues.
Re: (Score:2)
Microsoft is open to lawsuits and contract issues.
No, it's not.
Re:It's Time To Move On. (Score:5, Insightful)
Richard Stallman is full of crap if he is claiming that Windows is endemically, technically less secure. Anyone remember the Pwn2Own games? Anyone remember what OS fell first every time? Thats right, fully patched OSX (think that changed ~2012). This could turn into a debate lasting days, but suffice it to say that from a technical level Windows is pretty secure.
You totally misunderstand Stallman's point. Stallman is not arguing that open source leads to better quality software. That would be Eric Raymond. Stallman is arguing that you can't trust Microsoft. More of an Auguste Kirchhoffs [wikipedia.org] interpretation. And I don't see what OSX has to do with free software.
Stallman objects to closed source philosophically, and Windows especially. In addition to being proprietary, Stallman is arguing that Windows has features to report your use of Microsoft software and potentially lock you out (Windows Activation [microsoft.com]), to add or delete software without warning (Windows Update [microsoft.com]), to track you across any device around the world (Microsoft Account [microsoft.com]), and to keep you from using the computer in inappropriate ways (Protected Media Path, [microsoft.com] Driver Signing, [microsoft.com] Secure Boot [microsoft.com]). I don't see how he's wrong.
Somebody in the Chinese government seems to have noticed, and is now trying to get Windows banned [cnet.com] there.
My hope is that all who take this like will grow up and abandon their zealotry before they enter the workforce.
"The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man." - George Bernard Shaw
Re:It's Time To Move On. (Score:4, Insightful)
Hes not wrong, except he beats a dead horse. Everyone knows what Windows activation is, that you cant patch Windows yourself, that you cant inspect the code.
Incidentally Driver Signing and Secure Boot can both be turned off, and theyre not to stop you from misusing your computer. You (he) might as well complain that AppLocker or Software Restriction Policies are draconian DRM-- except theyre really not, theyre a mechanism to harden the OS.
>>(Quote)
Stallman takes his ideology so far that he becomes completely irrelevant. I know of noone outside of the OSS movement (and surprisingly few in it) that actually take him seriously-- he goes so far off the deep end that hes managed to alienate a full half of the Unix userbase as well.
Re:It's Time To Move On. (Score:5, Insightful)
Richard Stallman is full of crap if he is claiming that Windows is endemically, technically less secure. Anyone remember the Pwn2Own games? Anyone remember what OS fell first every time? Thats right, fully patched OSX (think that changed ~2012).
Yes, and OSX falling first had nothing to do with the participants specifically targeting it. I mean, they would have nothing to gain from focusing their efforts on a single operating system, like the bragging rights of hacking a supposedly "secure" platform, or taking Macintosh snobs down a notch, or winning a $2000 Mac laptop instead of a $500 Dell. No siree.
Re:It's Time To Move On. (Score:5, Informative)
Anyone remember the Pwn2Own games? Anyone remember what OS fell first every time? Thats right, fully patched OSX (think that changed ~2012).
Do you remember how Pwn2Own worked? Obviously not. It was turned based not race based meaning a team/person was selected to try their exploit first before any other team. And the team got to select which system they tried because they got to own that system.
If that team did not succeed, the next team got a try. Of course, teams would try systems they both wanted and had exploits. No one picked a system they didn't want. Most often it was OS X first on the first try. But Windows systems also fell on their first try. Almost never did a Linux system fall. In fact, many times, a Linux system was never attempted.
And it was never fully patched system. The systems were also fixed at a certain date prior to the contest so that the teams had a chance to attack it. Sometimes the exploits had been patched already.
Re:It's Time To Move On. (Score:4, Insightful)
Pwn2Own was useful because the common claim was that it wasnt just the huge userbase of windows that attracted exploit writers. but that it was that Windows was actually less secure than OSX. But when a shiney new laptop is on the line, people had no problem getting root. You can argue that OSX had 9 root-level exploits and Windows had 10 in any given competition-- but its sort of a moot point. By far and away the biggest factor in what systems get exploited is monetary gain and return on investment.
Id also note that, in the actual real world, somethin like 85-90% of exploits are non-OS-- theyre browser or browser plugin exploits. The only people arguing that Windows is more vulnerable to viruses are people with no friggin clue. Remove Java and virus incidence goes down like 50%.
Re: (Score:2)
Richard Stallman is full of crap if he is claiming that Windows is endemically, technically less secure. Anyone remember the Pwn2Own games? Anyone remember what OS fell first every time? Thats right, fully patched OSX (think that changed ~2012).
Err you do realize that OSX is not Linux don't you?
Re: (Score:2)
90% of all exploits these days hit third-party applications that also happen to run on Linux and OSX (flash, java, adobe reader). Im sure Stallman would rail against those too, and he would actually be right, but the point is that the vast majority of users need those plugins and he is being deceitful if he is attempting to paint the various Flash player exploits as problems with Windows, or as problems endemic to Closed Source Software.
No one needs Adobe Reader. It's a bloated piece of trash which, as you
Re: (Score:2)
No one needs Adobe Reader...There's tons of alternative PDF viewers you can use.
A lot of them lack features that Adobe Reader has. You're right that Adobe makes awful software, but again: in reality, people actually use it, and its sort of irrelevant to go on about how they dont actually need to.
OpenJDK hasnt worked with any applet I've ever tried.
Re: (Score:3, Insightful)
Re: (Score:2)
Digital handcuffs are the most common malicious features. They restrict what you can do with the data in your own computer.
There's many sides to this. With all the bugs, missing features, and subpar performance, also free software restricts what I can do with my computer.
The ideas of free software can be beautiful, but if they produce crusty software which just makes my life unnecessarily more clunky compared to the proprietary alternative, it's a bit of a "meh" to me. To squeeze the most out of my computer is still the most important battle for me.
Dear Microsoft.... (Score:5, Funny)
Dear Microsoft,
Dear gods, please catch a ride on the clue train. Businesses don't want Windows 8 - the retraining necessary is just too costly, and all the cool features involving touch are useless for the cube farm drones.
So just stop your stupid shit, realize the Windows 7 is your nex XP, make sure that Windows 9 undoes a lot of the silly bullshit, and maybe you won't completely jump the shark.
Um also while I (fail to) have your attention - the Ribbon is still stupid. Stop wasting my screen real estate and go back to proper menus. // yeah I know it's a pipe dream, but I needed to rant and rage.
Re:Dear Microsoft.... (Score:5, Informative)
After having played with a surface tablet and an "embedded" windows 8 computer (those things that combine the computer and the screen), I can tell you this about the touch features: they are broken by design, gets in the way of doing things (even moving a file is more complicated than using a mouse, and why doesn't the keyboard pop up when hitting a textbox?), and as such are useless for everyone, not just the cube farm drones.
Re: (Score:2)
The problem I have for Windows 8 is that the keyboard DOES pop up when hitting a textbox... when I have a hardware keyboard attached.
That said, I am developing a touch-friendly web app, so as a cube farm drone, touch is very useful for me. :)
Re: (Score:2)
Re:Dear Microsoft.... (Score:5, Funny)
Dear Microsoft,
Please make Windows 9 touch only, do not give anyone any menu, use the well known principle of most surprise for the user interface design, break all possible APIs, come up with another Uncommon Language Runtime, force me log into everything with the same username and password security be damned, put Bing on the way of actually getting to internet and if you could Ribbon me another two three screenfuls, all would be dandy.
Only by implementing these urgent measures will you guarantee your local fanbase of 2 people will stay very loyal. And the rest can move on to better things and world will be a better place.
Thanks,
Your local detractor.
Re: (Score:2)
That's rather optimistic thinking there. Businesses haven't switched away from MS yet, despite all the dumb stuff they've done, so I'm quite sure they could do all those things you listed there, and businesses would continue to buy their crap.
Re:Dear Microsoft.... (Score:5, Interesting)
I've successfully gotten die-hard MS Office users to use OpenOffice precisely because it had menus rather than the stupid ribbon. The Oracle branding helped, and I think the Apache one probably would be just as effective.
Re: (Score:3)
I still use Excel 2003 for 90% of my excel work as I still have several custom toolbars that cannot be recreated w/ the ribbon. Being able to do many repeated functions w/ one click makes a world of difference.
Re: (Score:3)
Oracle is a famous and well-respected brand for anybody who hasn't a clue what they actually produce.
Re: (Score:3)
and all the cool features involving touch are useless for the cube farm drones.
Powershell 4.0 and 5.0, however, are not, nor is HyperV.
Sort of amazing that a supposedly technical community thinks that the only thing different about Windows 8 is the GUI.
Re: (Score:3)
And, of course, these are unavailable on 7 for purely technical reasons.
Re: (Score:2)
Im not sure you understand how commercial software works. Theres no technical reason that the features in any particular software, version n+1, couldnt be backported-- except for the fact that a lot of the time the whole point is that new features require additional work and additional funding.
And for the record, Powershell 4 actually IS backported to Win7... not sure about Powershell 5, as its still in RC.
Re: (Score:2)
Powershell is worthless. HyperV is great.
PS is worthless because, in order to do anything useful, you need to fire up visual studio. Give me a gnu userland any day.
Um... PowerShell has nothing to do with Visual Studio. In fact (among other things), PowerShell lets you easily script against the native .NET libraries without having to compile code.
Re: (Score:2)
I wouldn't go so far as "useless", but I'd say powershell would be a lot more useful if I could count on having the AD and Exchange cmdlets available. As it is, many of my admin scripts are tied to my workstation due to dependencies.
Or, the answer is I'm an idiot who doesn't know the right way to package and distribute powershell scripts.
Re: (Score:2)
You CAN do AD stuff without the AD cmdlets, but it ends up being sort of like VBS. Generally you will need RSAT.
Simple solution would be to deploy it with GPO.
Re: (Score:2)
PS is worthless because, in order to do anything useful, you need to fire up visual studio.
Yea, thats basically entirely false. I use it every day in managing a network, including our storage and printing infrastructure. I do 50% of my work in the console, 30% in notepad++, and 20% in an IDE like PowerGUI or Powershell ISE.
Visual studio doesnt even work with Powershell-- Im not sure where you're getting your info, but its terribly incorrect.
Re: (Score:2)
Visual studio doesnt even work with Powershell
It does [microsoft.com] now, though this is a third party extension (albeit based on Microsoft's own Python Tools - yay open source).
Re: (Score:2)
Re: (Score:2, Troll)
Dear Microsoft,
Dear gods, please catch a ride on the clue train. Businesses don't want Windows 8 - the retraining necessary is just too costly, and all the cool features involving touch are useless for the cube farm drones.
So just stop your stupid shit, realize the Windows 7 is your nex XP, make sure that Windows 9 undoes a lot of the silly bullshit, and maybe you won't completely jump the shark.
Dear DigitalSorceress,
Please see our raised middle finger, aimed in your direction. We don't care what businesse
Naturally, they've done it before (Score:5, Insightful)
This is just an extension of the kind of coerced upgrade Microsoft's attempted before. With Vista and then with Win7, when they didn't take off on their own MS tried to force the issue by making the latest versions of IE and DirectX and such only available for Vista/7, not XP. This is the same thing: "Upgrade to Win8 or take the heat for running a vulnerable OS.". Thing is, it'll backfire the same way the "no latest DirectX on XP" did. Win7's such a large base that developers can't afford to write code that won't run on it, so they won't be able to use the new Win8-only safe functions. Which means applications will remain vulnerable on Win8, just like on Win7 where they also run.
Don't Tell Me This (Score:5, Informative)
I don't want to hear this. I just finished the migration from XP to Win7.
Do not want to go through that again for another 6 years.
Is security a feature? (Score:2)
The interesting question is: should an OS vendor be able to sell a later generation of OS as "more secure" than a previous one as a feature to induce users to migrate to it, (clearly Microsoft's position on Win 8.1 vs Win 7 ) or does it have a responsibility to make all released product as reasonably secure as it can based on what it knows to and define features as capabilities, performance, etc outside of security?
I think it's fair for Microsoft to tout improvements like more secure kernel design or other
Re: (Score:2)
Yes, they absolutely should be able to sell later generation OSes as "more secure", and totally ignore security exploits on older versions.
If customers are dumb enough to continue to patronize such a vendor, they deserve whatever happens to them.
Re: (Score:2)
This is not a patch for any known security exploit. It is preventive hardening of the code that may potentially have exploit due to use of C functions that may result in a buffer overrun, like strcpy.
Windows Tax (Score:2)
Pay the upgrade or you deal with the "other" costs.
Apple is pushing the envelope: Free OS updates. Works on their hardware back 4-5 years.
My suspicion is MS, likewise, must get into the hardware business & become vertical.
Re: (Score:3)
"14% of Windows personal computers were on Windows 8", noted by Tim Cook vs "51% of Macs on Mavericks"
Heavily fractured ecosystems are difficult for both OS & App suppliers. What is "working" in the real world.
Where are we going?
Re: (Score:2)
That means about 12.3% of computers are Windows 8 vs. 3.7% Mavericks. So take from that what you will.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
My suspicion is MS, likewise, must get into the hardware business & become vertical.
Suspicion?
That's been pretty obvious for a while.
There's even a word in the tech community coined from how Microsoft resorts to competing with its hardware partners: http://gigaom.com/2006/07/22/z... [gigaom.com] "Microsoft Partners, You Been Zunked".
For handheld devices, they've been doing since at least 2003: http://www.theregister.co.uk/2... [theregister.co.uk] .
And Surface is obviously a sign that Microsoft sees laptop vendors like HP and Dell as their direct competitors now.
Article is dumb. (Score:4, Insightful)
These are mostly new functions added for Windows 8, they don't exist in the Windows 7 SDK.
If you wrote your programs to use them, they wouldn't work on 7, only 8, which everyone seems to hate.
If MS added them to a patch for 7, there would then be 2 fragmented versions of Windows 7, so if a customer calls you asking if your software works on Windows 7, you would have to ask if they have installed KB######, and they would say 'I don't know.', or they might lie and say yes, or no, and you'll have to walk them through checking installed Windows updates...
Re: (Score:2)
Have you ever noticed the runtime libraries that application installers check for and auto-install while installing the application?
Is there some reason you couldn't do the same for these magical Win7 patch libraries/DLLs?
Re: (Score:2)
StrSafe.h has been around since XP, actually. It can also be used header-only, with all the functions declared as inline.
Nope, not gonna downgrade to Windows 9 (Score:5, Interesting)
Sorry Microsoft, people use your product for two reasons: 1) it's well entrenched 2) it's easy to use and familiar. If you want them to switch from win 7 to win 8, you have to do it by ruining the usability of win 7, not its security.
Re: (Score:3)
Actually Windows 9 will have HUGE impact on games as the DirectX will have mantle like performance where CPU waits on redraws are near gone. Trim in raid and PCI ssd is nice too and cortana ... Well we will see but I always wanted a system like the enterprise on star trek with voice.
Amazed (Score:2)
Re:Amazed (Score:4, Interesting)
Why would anyone new enter a market that has clearly peaked? Smartphones and tablets are replacing PCs for web surfing, video watching, social media, email and some gaming. You basically have your enthusiast gamers (not really that big of a market) content creators and developers left.
And I don't see how you call open source a joke. The only thing funny is that some people still look to Microsoft or Apple to tell them what technology to use. Why?
Windows 8 is a very confused product, reflecting the confusion of it's parent company.
Who needs this crap? Give Linux a chance. On the server it's a no-brainer. On the desktop, it takes some getting used to, but it is more than adequate for what you need from desktop OS.
Re: (Score:2)
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
There are small business accounting software applications for Linux. Now maybe your or your clients prefer ones that are not on Linux, but that doesn't mean others are not satisfied with them when running Linux.
Check out GnuCash or Lazy8. Also quickbooks online works with Linux.
Re: (Score:2)
Re: (Score:2)
Supply and demand (Score:2)
I am still confounded
Aside from the fact that spreadsheet formulas cannot (easily) be ported to different spreadsheets via csv, there's a very simple supply and demand explanation, client says: "We only use MS office, that's the way we have done business for over a decade, it's what we are set up to handle now, if you can't deliver we will have to find someone who can". - Actually in the "real world" they would probably just laugh their asses off and walk away.
obig car analogy: It's like a mechanic saying I can't work on you
Windows 8 would be fine without that new UI (Score:2)
Windows 8 would be fine without that new UI.
Enterprise users are on 7 and moving to 8 now when windows 9 maybe hear next year and some have just moved to windows 7?
While you get 3rd party tools to make windows 8 like windows 7 in Enterprise useing them can be iffy.
Hitting The Geek's Berzerk Button (Score:3)
From a post to the The Register:
NumptyScrub :
The fact that these extra functions are aimed at developers, and as far as I can tell are intended to provide bounds checked variables (e.g. protected against buffer overflow shenanigans) could be cause for some concern. It does not count as a fix of existing broken functionality though, so I don't see how it would qualify as MS ''ending support'' for Win7 if they chose not to add these extras to all existing OSs of theirs.
Redmond is patching Windows 8 but NOT Windows 7, say security bods [theregister.co.uk]
My explaination (Score:3)
Well, it is relatively cheap to do things like this during development of a new major version but relatively expensive to do a security update or hotfix, so they need proof there is actually an exploitable bug, though they will often review surrounding code and do additional fixes when developing security updates.
Do they still sell windows 7? (Score:2)
If not, that is what you get for using out of date software. Get your wallet out and climb on board the upgrade train, or accept the situation and be happy.
Sarcasm aside, who honestly expects a company to support non-products ? I dont.
Re: (Score:2)
Re: (Score:2)
Yes, they still do sell win 7.
Re: (Score:2)
Microsoft publishes timelines for various degrees of support for all its products, and just because a product is no longer sold (which I doubt is actually true of Win7) doesn't mean it's out of support.
The reason why this is really a non-story is that the change is not to fix any particular security issue, it's just generic hardening of code. It's literally the Windows equivalent of replacing strcpy with strlcpy in a bunch of code, just in case there's a heretofore unknown way to trigger a buffer overrun.
How about the delete problem (Score:2, Interesting)
Duh (Score:2)
Microsoft doesn't want another Windows XP, I'll wager they are after a 5 year turn around or perhaps even faster.
$'s.
In the Microsoft boardroom... (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I can't find anything to fix. 7 is better and has more features and takes advantage of modern hardware
Re:Still sticking with XP... (Score:4, Insightful)
Yep, Windows 7 and XP are so fundamentally different in terms of the UI that it *might* have taken you all of 15 minutes to learn the differences.
And of course if it was Windows 8, it might have taken you all of 10 minutes to install a UI shell which would have made the experience exactly the same. Then again if your internet is the equivalent of a string between two cans, I can see it taking 2-3 days to find this out.
Re: (Score:3)
I take it you don't have to support an older relative who lives a long distance away who calls you up every time an icon changes location. If Windows is only for the experts then it should be labeled as such, and leave Linux for the beginners.
Re: (Score:3)
I take it you don't have to support an older relative who lives a long distance away who calls you up every time an icon changes location. If Windows is only for the experts then it should be labeled as such, and leave Linux for the beginners.
Nope, they died last year at the age of 86. Until then I did, and that distance was 3200 miles. Then again, I found that explaining to them before hand that the "icons change" and why they change, and how, makes it much easier.
Re: (Score:2)
Yeah that's real secure. FYI your chrome is not even sandboxed on it because the kernel is so ancient.
Re: (Score:2)
Except that programs are running faster on Windows XP than on Windows 7, because the OS take less CPU resources.
Bang! Idiot destroyed.
Yeah on a Pentium IV. On a modern i5 the same code will run faster as a new kernel supports better smp, page swap, ram buffers, and the runtimes use all your CPU instructions. Not part as XP had to run on Pentium IIs.
Re: (Score:2)
TL;DR
(but wrote you off as a nutter anyway)
Re: (Score:2)
Re: (Score:2, Flamebait)
Hopefully Google, Apple and Canonical find a way to replace Microsoft products before Windows 9 ships.
Out of the frying pan, into the fire..
Re: (Score:2, Interesting)
Yep but not on the Desktop. :(
I don't see the desktop disappearing either, although its role has definitely changed.
Re: (Score:3)
First: how long would this have lasted when the source had not been open? Three years? Four? Ten?
Second: The article you mention is from 2008, SIX years old so no longer relevant,
Third: Open Source is not ideal, nor is Closed Source. But WHEN a fault is found in OSS, as a rule it will be fixed. Failures may exist in CSS for long times, and be exploited, without anyone but the exploiter knowing about it. And when such a failure is exposed, you have to wait if and when the maker of the software fixes it.
So, O
Re: (Score:3)
Re:I absolutely HATE to say this but... apk (Score:5, Insightful)
MS is the IBM of the new century. No, really.
IBM was the "computer company" up 'til about the 1980s. You could simply not ignore IBM if you had anything to do with computers in a way that goes beyond hobbyist interests. You had a company and that company used computers? You had IBM. You might have had some other tools and toys, but the core of your computer system, the backbone, the framework and pretty much everything that was relevant to actually getting and keeping your computer system running was IBM.
This of course led to some serious hubris by IBM. The same "my way or the highway" attitude you can see in MS today. We tell you what you buy and you will eat our shit and call it chocolate fudge. I guess it goes without say that this didn't really sit too well with the various companies, but, well, what can you do? If you need computers in your company, you can't ignore IBM.
Times changed and PCs came, and IBM ignored them as petty machines that don't fit their paradigm of the mainframe - terminal ideal. They did enter the PC market halfheartedly, but when they noticed that the PC is here to stay, they tried to regain control over it. The MCA [wikipedia.org] illustrates this very well. It was a bus vastly superior to the (then standard) ISA bus. Their licensing practice ignored completely the emerging PC clone market, though, the market that became more and more important as small companies and private people wanted to use PCs and considered money a deciding factor for the choice of computers. Add that companies so far using IBM wanted to get out of their stranglehold and one can easily see why the "clones" became more and more popular and why a bus that was at least on par with the later very popular PCI bus never became popular or widely supported by third party manufacturers.
MS is now following that "my way or the highway" hubris. I guess they need to learn it, too, that you can only force people to drink your cool-aid as long as they don't have an alternative.
Re: (Score:2)
Liar.
http://windows.microsoft.com/e... [microsoft.com]